package com.tju.backend.resources.config.security.configSecurity;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.tju.backend.resources.config.security.custom.MyAuthenticationException;
import com.tju.backend.service.business.SysUserService;
import com.tju.backend.utils.tool.ChineseExceptionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;

/**
 * 重写UsernamePasswordAuthenticationFilter过滤器
 *
 * @USER: CLS
 */
public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Autowired
    SysUserService userService;
    @Autowired
    ChineseExceptionUtils zh_CN;

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) {
        try {

            if (request.getContentType().equals(MediaType.APPLICATION_JSON_UTF8_VALUE)
                    || request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)) {

                ObjectMapper mapper = new ObjectMapper();
                UsernamePasswordAuthenticationToken authRequest;
                //取authenticationBean
                Map<String, String> authenticationBean;
                //用try with resource，方便自动释放资源
                try (InputStream is = request.getInputStream()) {
                    authenticationBean = mapper.readValue(is, Map.class);
                } catch (IOException e) {
                    //将异常放到自定义的异常类中
                    throw new MyAuthenticationException(e.getMessage());
                }
                try {
                    if (!authenticationBean.isEmpty()) {
                        //获得账号、密码
                        String username = authenticationBean.get(SPRING_SECURITY_FORM_USERNAME_KEY), password = authenticationBean.get(SPRING_SECURITY_FORM_PASSWORD_KEY);
                        //检测账号、密码是否存在
                        if (userService.checkLogin(username, password)) {
                            //将账号、密码装入UsernamePasswordAuthenticationToken中
                            authRequest = new UsernamePasswordAuthenticationToken(username, password);
                            setDetails(request, authRequest);
                            return this.getAuthenticationManager().authenticate(authRequest);
                        }
                    }
                } catch (Exception e) {
                    throw new MyAuthenticationException(e.getMessage());
                }
                throw new MyAuthenticationException(zh_CN.LoginNamePwdNull);
            } else
                throw new MyAuthenticationException(zh_CN.HeaderError);
        } catch (NullPointerException e) {
            throw new MyAuthenticationException(zh_CN.LoginNamePwdNull);
        }
    }
}
